Newsroom

On April 25th, we hosted the annual Tweet Jam with identity experts tweeting about topics that are sure to be the buzz at Identiverse in June. We had a great turn out…35 participants and 348 tweets in one hour, with the conversation reaching to over 2.7 million impressions for the day (that’s 32% more than last year)!

Plus, we also announced a special discount for Tweet Jam participants, which has been extended by one more week (even for those who couldn’t participate). Register for Identiverse by May 20th and SAVE 50% when you use code: TweetJam50! If you missed the Tweet Jam, we’ve put together some of the highlights for each of the questions asked. Feel free to use #Identiverse to jump in and add your own thoughts on Twitter.

Q1: Facebook is broken. How big of a problem is this for the identity industry?

We touched on issues around sources of verified attributes and the importance of privacy to individuals. With GDPR just around the corner, and a burgeoning interest from large corporations that want to provide identity services to consumers, we can expect ongoing discussions around these topics. (See all Q1 answers)

@Prabath (Prabath Siriwardena): Well, the good thing about the Facebook/Cambridge Analytica scandal is, it gave so much visibility to GDPR—and in fact justified many of its suggestions. Its like something planned just ahead of GDPR. #identiverse #GDPR

@AJ_Axio: Recent Facebook issues are simply a public wake-up call that Facebook should not be your sole source for identity. Layered security is essential. #identiverse

@RobbReck: I’m not sure it’s broken…I think it’s working exactly as designed. The problem is that our expectations for privacy, control of our data and transparency of our providers are broken. #identiverse

Q2: High-assurance identity: Cure-all, or curse? Explain.

We’ve seen a number of schemes and projects looking at how to provide greater assurance around identity and attributes. There is a tendency (especially at the executive level) to assume that more data is better, especially if that data is ‘true’. But it’s clear that we need to right-size the data we collect (no more than is fit for purpose). Not just for regulatory reasons, but also to ensure that we can get useful outcomes from the data we collect. High-assurance identity and attributes will certainly play a role…but our reliance on such attributes must be temperate. (See all Q2 answers)

@RobbReck: I’m not sure how anyone can be against high-assurance identity. No, we shouldn’t do away with anonymity, but when someone is performing an action that requires assurance (voting, opening a bank account, taking a job) it’s critical. #identiverse

@davidjbrossard: Neither. High-assurance identity is important: avoid fraud and deliver the right services to the right individuals. It’ll help build better trust among parties and enable new services (delegation, caring for the elderly, sharing data with those we trust). #identiverse

@SarahKSquire: We need high-assurance identity in high-risk cases, but in many other cases even low-assurance identity is overkill. It’s okay to let people do things anonymously on the Internet. We don’t need to constantly track everyone. #identiverse

Q3: Without blockchain, identity would be _____. Images are welcome!

This was bound to cause some controversy—and we weren’t disappointed. The consensus seems to be that blockchain is an interesting technology (among other distributed ledger approaches), but we need to be cautious in applying it to identity problems. “Because we can” isn’t reason enough. (See all Q3 answers)

@JoniBrennan: Without #blockchain, identity would still be identity and attributes would still be attributes. The blockchain family of protocols is about data provenance and management. Identity is a socio-legal construct and blockchain is tech. #identiverse

@LPeterman (Lance Peterman): Everything looks like a nail when staring at blockchain. Problem is, it isn’t even a hammer. Identity has its challenges, hence why we’re here. I’ve yet to be convinced that blockchain is an answer to anything identity related. #identiverse

@SarahKSquire: We really don’t know how distributed ledger technology will influence identity yet. We’re going to need DIDs and verifiable claims, but those don’t have to involve a blockchain. #identiverse

Q4: Multi-factor authentication: What’s next?

With the FIDO2 and WebAuthn standards released, more enterprises—and consumer-facing applications—are starting to adopt multi-factor authentication solutions. That’s good for security, but we now need to consider how to make things even simpler for the user. Time to start looking more closely at contextual and AI/ML-driven authentication (with privacy concerns at the forefront of our thinking). (See all Q4 answers)

@IdentityZack (Zack Martin): More MFA? There’s still a lot of work to be done to get the masses to adopt MFA. The tech needs to be made easier for consumers. I’m really interested in seeing how adaptive authentication and behavioral biometrics impact the market. #identiverse

@steve_lockstep (Steve Wilson): As cryptographically sophisticated personal hardware devices take off, I see MFA devolving into *fewer* factors. One factor will do if it’s non-phishable, easy to use, intuitive, tamper resistant, revoke-able. #identiverse

@TriciaKicksSaaS (Tricia A Howard): I really think biometrics is where it’s at. Consumers want ease of use when it comes to security. Otherwise they’ll find unsecure workarounds, etc. They’re already using it with their mobile devices, so it’s a known, quasi-convenient practice. #identiverse

Q5: Open Banking, Open Aviation, Open IoT…Is Open Everything the next great frontier?

Increasing business transparency and interoperability is good, and it’s great to see identity not only being taken into consideration, but actually forming the backbone of projects like Open Banking. The identity industry needs to stay engaged in these projects. The risks are high if identity (and security) aren’t properly taken into consideration from the very beginning. (See all Q5 answers)

@EmLindley: Open APIs hold great promise and security risk in equal measures. #identiverse

@JonLehtinen: Interoperability is a godsend, and it’s been great to watch the industry operators advocate for and then execute on setting standards for helping achieve it. Regulators/govs mandate workgroups to form, and the industry itself delivers repeatable results. #identiverse

Bonus: What are you looking forward to most at #Identiverse Boston 2018?

There’s a lot to look forward to. All our traditions are back, like bootcamp, the CISO panel, our family program and more. But there’s also rich content presented by the best thinkers and speakers across the industry, topped with thought-provoking keynotes and keynote panels. And of course, the networking opportunities are unparalleled.

@jgklein23 (Jeffrey Klein): Schedule permitting, I’m taking on boot camp this year. I like it, I love it, I want more of it. #identiverse

@AJ_Axio: Networking with and learning from interesting and intelligent IAM experts committed to the greater good. #identiverse

Thanks again to our moderator Elinor Mills at the Bateman Group and to all the participants that jumped in on the conversation. We look forward to hearing more from you all at Identiverse in Boston, June 23-27. And don’t forget to register and SAVE 50%…the savings end Sunday, May 20th.